Home

CVE-2015-6117

Description

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka Microsoft SharePoint Security Feature Bypass, a different vulnerability than CVE-2016-0011.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.472

Associated Vulnerability

VulnerabilityOS Platform
Security Update for Microsoft Office 2007 suites (KB2881067)Windows
Security Update for Microsoft Office 2007 suites (KB3114541)Windows
Security Update for Microsoft Office Excel 2007 (KB3114540)Windows
Security Update for Microsoft Office PowerPoint 2007 (KB3114429)Windows
Security Update for Microsoft Office Visio 2007 suites (KB3114421)Windows
Security Update for Microsoft Office Word 2007 (KB3114549)Windows
Security Update for Microsoft Office 2010 (KB2881029) 32-Bit EditionWindows
Security Update for Microsoft Office 2010 (KB3114553) 32-Bit EditionWindows
Security Update for Microsoft Office 2010 (KB3114553) 64-Bit EditionWindows
Security Update for Microsoft Office 2010 (KB3114554) 32-Bit EditionWindows
Security Update for Microsoft Office 2010 (KB3114554) 64-Bit EditionWindows
Security Update for Microsoft Excel 2010 (KB3114564) 32-Bit EditionWindows
Security Update for Microsoft Excel 2010 (KB3114564) 64-Bit EditionWindows
Security Update for Microsoft PowerPoint 2010 (KB3114396) 32-Bit EditionWindows
Security Update for Microsoft PowerPoint 2010 (KB3114396) 64-Bit EditionWindows
Security Update for Microsoft Visio 2010 (KB3114402) 32-Bit EditionWindows
Security Update for Microsoft Visio 2010 (KB3114402) 64-Bit EditionWindows
Security Update for Microsoft Word 2010 (KB3114557) 32-Bit EditionWindows
Security Update for Microsoft Word 2010 (KB3114557) 64-Bit EditionWindows
Security Update for Microsoft Office 2013 (KB3039794) 32-Bit EditionWindows
Security Update for Microsoft Office 2013 (KB3114486) 32-Bit EditionWindows
Security Update for Microsoft Office 2013 (KB3114486) 64-Bit EditionWindows
Security Update for Microsoft Excel 2013 (KB3114504) 32-Bit EditionWindows
Security Update for Microsoft Excel 2013 (KB3114504) 64-Bit EditionWindows
Security Update for Microsoft PowerPoint 2013 (KB3114482) 32-Bit EditionWindows
Security Update for Microsoft PowerPoint 2013 (KB3114482) 64-Bit EditionWindows
Security Update for Microsoft Visio 2013 (KB3114489) 32-Bit EditionWindows
Security Update for Microsoft Visio 2013 (KB3114489) 64-Bit EditionWindows
Security Update for Microsoft Word 2013 (KB3114494) 32-Bit EditionWindows
Security Update for Microsoft Word 2013 (KB3114494) 64-Bit EditionWindows
Security Update for Microsoft Office 2016 (KB2920727) 32-Bit EditionWindows
Security Update for Microsoft Office 2016 (KB3114527) 32-Bit EditionWindows
Security Update for Microsoft Office 2016 (KB3114527) 64-Bit EditionWindows
Security Update for Microsoft Excel 2016 (KB3114520) 32-Bit EditionWindows
Security Update for Microsoft Excel 2016 (KB3114520) 64-Bit EditionWindows
Security Update for Microsoft PowerPoint 2016 (KB3114518) 64-Bit EditionWindows
Security Update for Microsoft Word 2016 (KB3114526) 32-Bit EditionWindows
Security Update for Microsoft Word 2016 (KB3114526) 64-Bit EditionWindows
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114546)Windows
Security Update for Microsoft Office Excel Viewer 2007 (KB3114547)Windows
Security Update for Word Viewer (KB3114569)Windows
Security Update for Microsoft SharePoint Foundation 2013 (KB3114503)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-19763Security Update for Microsoft Office Excel 2007 (KB3114540)
PATCH-19764Security Update for Microsoft Office PowerPoint 2007 (KB3114429)
PATCH-19765Security Update for Microsoft Office Visio 2007 suites (KB3114421)
PATCH-19766Security Update for Microsoft Office Word 2007 (KB3114549)
PATCH-19770Security Update for Microsoft Office 2010 (KB3114554) 32-Bit Edition
PATCH-19771Security Update for Microsoft Office 2010 (KB3114554) 64-Bit Edition
PATCH-19772Security Update for Microsoft Excel 2010 (KB3114564) 32-Bit Edition
PATCH-19773Security Update for Microsoft Excel 2010 (KB3114564) 64-Bit Edition
PATCH-19774Security Update for Microsoft PowerPoint 2010 (KB3114396) 32-Bit Edition
PATCH-19778Security Update for Microsoft Word 2010 (KB3114557) 32-Bit Edition
PATCH-19780Security Update for Microsoft Office 2013 (KB3039794) 32-Bit Edition
PATCH-19781Security Update for Microsoft Office 2013 (KB3114486) 32-Bit Edition
PATCH-19782Security Update for Microsoft Office 2013 (KB3114486) 64-Bit Edition
PATCH-19783Security Update for Microsoft Excel 2013 (KB3114504) 32-Bit Edition
PATCH-19784Security Update for Microsoft Excel 2013 (KB3114504) 64-Bit Edition
PATCH-19785Security Update for Microsoft PowerPoint 2013 (KB3114482) 32-Bit Edition
PATCH-19786Security Update for Microsoft PowerPoint 2013 (KB3114482) 64-Bit Edition
PATCH-19787Security Update for Microsoft Visio 2013 (KB3114489) 32-Bit Edition
PATCH-19788Security Update for Microsoft Visio 2013 (KB3114489) 64-Bit Edition
PATCH-19789Security Update for Microsoft Word 2013 (KB3114494) 32-Bit Edition
PATCH-19790Security Update for Microsoft Word 2013 (KB3114494) 64-Bit Edition
PATCH-19791Security Update for Microsoft Office 2016 (KB2920727) 32-Bit Edition
PATCH-19792Security Update for Microsoft Office 2016 (KB3114527) 32-Bit Edition
PATCH-19793Security Update for Microsoft Office 2016 (KB3114527) 64-Bit Edition
PATCH-19794Security Update for Microsoft Excel 2016 (KB3114520) 32-Bit Edition
PATCH-19795Security Update for Microsoft Excel 2016 (KB3114520) 64-Bit Edition
PATCH-19797Security Update for Microsoft PowerPoint 2016 (KB3114518) 64-Bit Edition
PATCH-19798Security Update for Microsoft Word 2016 (KB3114526) 32-Bit Edition
PATCH-19799Security Update for Microsoft Word 2016 (KB3114526) 64-Bit Edition
PATCH-19800Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114546)
PATCH-19801Security Update for Microsoft Office Excel Viewer 2007 (KB3114547)
PATCH-19802Security Update for Word Viewer (KB3114569)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234